From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Peter Müller
To: development@lists.ipfire.org
Subject: Re: [PATCH 18/35] python3-rsa: Update to version 4.8 and python-3.10
Date: Fri, 28 Jan 2022 13:00:10 +0000
Message-ID:
In-Reply-To: <20220124161656.71960-18-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8787410405436687384=="
List-Id:

--===============8787410405436687384==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Peter Müller

> - Update from 4.0 to 4.8
> - Update of rootfile
> - Changelog
>   - Switch to [Poetry](https://python-poetry.org/) for dependency and release management.
>   - Compatibility with Python 3.10.
>   - Chain exceptions using `raise new_exception from old_exception`
>     ([#157](https://github.com/sybrenstuvel/python-rsa/pull/157))
>   - Added marker file for PEP 561. This will allow type checking tools in dependent projects
>     to use type annotations from Python-RSA
>     ([#136](https://github.com/sybrenstuvel/python-rsa/pull/136)).
>   - Use the Chinese Remainder Theorem when decrypting with a private key. This
>     makes decryption 2-4x faster
>     ([#163](https://github.com/sybrenstuvel/python-rsa/pull/163)).
>   - Fix pickling/unpickling issue introduced in 4.7
>     ([#173](https://github.com/sybrenstuvel/python-rsa/issues/173))
>   - Fix threading issue introduced in 4.7
>     ([#173](https://github.com/sybrenstuvel/python-rsa/issues/173))
>   - Fix [#165](https://github.com/sybrenstuvel/python-rsa/issues/165):
>     CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption
>     code
>   - Add padding length check as described by PKCS#1 v1.5 (Fixes
>     [#164](https://github.com/sybrenstuvel/python-rsa/issues/164))
>   - Reuse of blinding factors to speed up blinding operations.
>     Fixes [#162](https://github.com/sybrenstuvel/python-rsa/issues/162).
>   - Declare & test support for Python 3.9
>
>   Version 4.4 and 4.6 are almost a re-tagged release of version 4.2. It requires
>   Python 3.5+. To avoid older Python installations from trying to upgrade to RSA
>   4.4, this is now made explicit in the `python_requires` argument in `setup.py`.
>   There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to
>   retag 4.4 as 4.6 as well.
>
>   No functional changes compared to version 4.2.
>
>   Version 4.3 and 4.5 are almost a re-tagged release of version 4.0. It is the
>   last to support Python 2.7. This is now made explicit in the `python_requires`
>   argument in `setup.py`. Python 3.4 is not supported by this release. There was a
>   mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.3 as
>   4.5 as well.
>
>   Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes.
>
>   - Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
>   - Reject cyphertexts (when decrypting) and signatures (when verifying) that have
>     been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks
>     Carnil for pointing this out.
>   - Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py
>     for dependency management. There apparently is an issue with no-binary installs of
>     packages built with Poetry. This fixes
>     [#148](https://github.com/sybrenstuvel/python-rsa/issues/148)
>   - Limited SHA3 support to those Python versions (3.6+) that support it natively.
>     The third-party library that adds support for this to Python 3.5 is a binary
>     package, and thus breaks the pure-Python nature of Python-RSA.
>     This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147).
>   - Added support for Python 3.8.
>   - Dropped support for Python 2 and 3.4.
>   - Added type annotations to the source code. This will make Python-RSA easier to use in
>     your IDE, and allows better type checking.
>   - Added static type checking via [MyPy](http://mypy-lang.org/).
>   - Fix [#129](https://github.com/sybrenstuvel/python-rsa/issues/129) Installing from source
>     gives UnicodeDecodeError.
>   - Switched to using [Poetry](https://poetry.eustace.io/) for package
>     management.
>   - Added support for SHA3 hashing: SHA3-256, SHA3-384, SHA3-512. This
>     is natively supported by Python 3.6+ and supported via a third-party
>     library on Python 3.5.
>   - Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
>   - Reject cyphertexts (when decrypting) and signatures (when verifying) that have
>     been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks
>     Adelapie for pointing this out.
>
> Signed-off-by: Adolf Belka
> ---
>  config/rootfiles/packages/python3-rsa | 48 +++++++++++++---------------
>  lfs/python3-rsa                       |  8 ++---
>  2 files changed, 28 insertions(+), 28 deletions(-)
>
> diff --git a/config/rootfiles/packages/python3-rsa b/config/rootfiles/packa= ges/python3-rsa > index ae16a6649..73ac732ad 100644 > --- a/config/rootfiles/packages/python3-rsa > +++ b/config/rootfiles/packages/python3-rsa 
> @@ -4,27 +4,27 @@ usr/bin/pyrsa-keygen > usr/bin/pyrsa-priv2pub > usr/bin/pyrsa-sign > usr/bin/pyrsa-verify > -#usr/lib/python3.8/site-packages/rsa > -#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info > -#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/PKG-INFO > -#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/SOURCES.txt > -#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/dependency_links.t= xt > -#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/entry_points.txt > -#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/requires.txt > -#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/top_level.txt > -usr/lib/python3.8/site-packages/rsa/__init__.py > -usr/lib/python3.8/site-packages/rsa/_compat.py > -usr/lib/python3.8/site-packages/rsa/asn1.py > -usr/lib/python3.8/site-packages/rsa/cli.py > -usr/lib/python3.8/site-packages/rsa/common.py > -usr/lib/python3.8/site-packages/rsa/core.py > -usr/lib/python3.8/site-packages/rsa/key.py > -usr/lib/python3.8/site-packages/rsa/machine_size.py > -usr/lib/python3.8/site-packages/rsa/parallel.py > -usr/lib/python3.8/site-packages/rsa/pem.py > -usr/lib/python3.8/site-packages/rsa/pkcs1.py > -usr/lib/python3.8/site-packages/rsa/pkcs1_v2.py > -usr/lib/python3.8/site-packages/rsa/prime.py > -usr/lib/python3.8/site-packages/rsa/randnum.py > -usr/lib/python3.8/site-packages/rsa/transform.py > -usr/lib/python3.8/site-packages/rsa/util.py > +#usr/lib/python3.10/site-packages/rsa > +#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info > +#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/PKG-INFO > +#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/SOURCES.txt > +#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/dependency_links= .txt > +#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/entry_points.txt > +#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/requires.txt > +#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/top_level.txt > 
+usr/lib/python3.10/site-packages/rsa/__init__.py > +usr/lib/python3.10/site-packages/rsa/_compat.py > +usr/lib/python3.10/site-packages/rsa/asn1.py > +usr/lib/python3.10/site-packages/rsa/cli.py > +usr/lib/python3.10/site-packages/rsa/common.py > +usr/lib/python3.10/site-packages/rsa/core.py > +usr/lib/python3.10/site-packages/rsa/key.py > +usr/lib/python3.10/site-packages/rsa/parallel.py > +usr/lib/python3.10/site-packages/rsa/pem.py > +usr/lib/python3.10/site-packages/rsa/pkcs1.py > +usr/lib/python3.10/site-packages/rsa/pkcs1_v2.py > +usr/lib/python3.10/site-packages/rsa/prime.py > +usr/lib/python3.10/site-packages/rsa/py.typed > +usr/lib/python3.10/site-packages/rsa/randnum.py > +usr/lib/python3.10/site-packages/rsa/transform.py > +usr/lib/python3.10/site-packages/rsa/util.py > diff --git a/lfs/python3-rsa b/lfs/python3-rsa > index 79a835220..7e575c3c7 100644 > --- a/lfs/python3-rsa > +++ b/lfs/python3-rsa > @@ -24,15 +24,15 @@ > =20 > include Config > =20 > -VER =3D 4.0 > +VER =3D 4.8 > =20 > THISAPP =3D rsa-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > DL_FROM =3D $(URL_IPFIRE) > -DIR_APP =3D $(DIR_SRC)/python-rsa-version-$(VER) > +DIR_APP =3D $(DIR_SRC)/$(THISAPP) > TARGET =3D $(DIR_INFO)/$(THISAPP) > PROG =3D python3-rsa > -PAK_VER =3D 3 > +PAK_VER =3D 4 > =20 > DEPS =3D > =20 > @@ -44,7 +44,7 @@ objects =3D $(DL_FILE) > =20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) > =20 > -$(DL_FILE)_MD5 =3D 13a71a55588c97de45fb9887cae6da90 > +$(DL_FILE)_MD5 =3D edb224f927cf8f53ff530ab04d092c69 > =20 > install : $(TARGET) > =20 --===============8787410405436687384==--
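
Review bot: In the config/rootfiles/packages/python3-rsa hunk, the removed line usr/lib/python3.8/site-packages/rsa/machine_size.py has no python3.10 counterpart in the new list, and the commit message does not mention that module going away (the added rsa/py.typed is covered by the PEP 561 changelog entry). Please note the dropped file in the commit message and confirm that nothing else shipped on the system still imports rsa.machine_size.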
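
Review bot: In the first lfs/python3-rsa hunk, DIR_APP changes from $(DIR_SRC)/python-rsa-version-$(VER) to $(DIR_SRC)/$(THISAPP) while DL_FILE stays $(THISAPP).tar.gz, so the 4.8 tarball unpacks to a different top-level directory than the 4.0 one did, and the commit message gives no reason. Please state in the commit message where the new tarball was taken from, so the next update can fetch it from the same place and the directory name does not flip again.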
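
Review bot: In the last lfs/python3-rsa hunk, the new tarball is pinned only by $(DL_FILE)_MD5, and MD5 is not collision-resistant, which is a weak anchor for a cryptography library update whose changelog lists CVE-2020-25658 and CVE-2020-13757. Please check the download against a stronger digest or an upstream signature before recording the MD5 and say so in the commit message; if the lfs framework offers a stronger checksum variable, use it for this package.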
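
The zero-byte issue named in the quoted changelog (CVE-2020-13757), as an added Python example that is not part of the original message and is not python-rsa's code: with textbook RSA, leading zero bytes vanish in the bytes-to-integer conversion, so only an explicit length check rejects a ciphertext modified that way. The toy key and the function names `encrypt`, `decrypt_lenient` and `decrypt_strict` are assumptions made for the illustration.

```python
# Added illustration: textbook RSA (no padding) with a constructed toy key.
# Not python-rsa's implementation; the key is far too small for real use.
P, Q, E = 65537, 65539, 17             # constructed demo primes and exponent
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in octets (5 here)


def encrypt(message: bytes) -> bytes:
    """Encrypt a short message and return exactly K ciphertext octets."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too large for demo key")
    return pow(m, E, N).to_bytes(K, "big")


def decrypt_lenient(ciphertext: bytes) -> bytes:
    """No length check: any number of prepended zero bytes is accepted."""
    c = int.from_bytes(ciphertext, "big")   # leading zeros disappear here
    return pow(c, D, N).to_bytes(K, "big").lstrip(b"\x00")


def decrypt_strict(ciphertext: bytes) -> bytes:
    """Reject ciphertexts that are not exactly K octets or not below N."""
    if len(ciphertext) != K:
        raise ValueError("decryption failed")
    c = int.from_bytes(ciphertext, "big")
    if c >= N:
        raise ValueError("decryption failed")
    return pow(c, D, N).to_bytes(K, "big").lstrip(b"\x00")


def strict_rejects(ciphertext: bytes) -> bool:
    """Return True when decrypt_strict refuses the given ciphertext."""
    try:
        decrypt_strict(ciphertext)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    ct = encrypt(b"hi")                    # constructed sample message
    modified = b"\x00\x00" + ct            # same integer, different bytes
    print(decrypt_lenient(modified), strict_rejects(modified))
```
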